diff --git a/scripts/tier2/run_tier2_sandboxed.ps1 b/scripts/tier2/run_tier2_sandboxed.ps1
index 494759e0..c8da7f40 100644
--- a/scripts/tier2/run_tier2_sandboxed.ps1
+++ b/scripts/tier2/run_tier2_sandboxed.ps1
@@ -4,9 +4,11 @@ Launch OpenCode in the Tier 2 sandboxed mode.
 .DESCRIPTION
 Acquires a Windows restricted token (drops dangerous privileges),
- sets explicit ACLs on the Tier 2 clone + app-data dir, wraps the
- process tree in a Job Object, and launches OpenCode + the MCP server
- under the restricted token.
+ wraps the process tree in a Job Object, and launches OpenCode + the
+ MCP server under the restricted token. The Tier 2 clone at
+ C:\projects\manual_slop_tier2\ is the only directory the OpenCode
+ session can read/write; AppData is OFF-LIMITS (enforced by the
+ agent's *AppData\\* bash deny rule).
 #>
 [CmdletBinding()]
 param(
@@ -17,8 +19,6 @@ param(
 $ErrorActionPreference = "Stop"
 $Tier2ClonePath = (Resolve-Path $Tier2ClonePath).Path
-$AppDataDir = "$env:LOCALAPPDATA\manual_slop\tier2"
-$AppDataFailuresDir = "$env:LOCALAPPDATA\manual_slop\tier2_failures"
 $McpServerPath = "$MainRepoPath\scripts\mcp_server.py"
 Write-Host "[tier2-launcher] starting sandboxed OpenCode"
@@ -74,7 +74,7 @@ public class RestrictedToken {
 $restrictedToken = [RestrictedToken]::GetCurrentTokenRestricted()
 Write-Host "[tier2-launcher] acquired restricted token"
-# 2. Set explicit ACLs on the Tier 2 clone + app-data dir
+# 2. Set explicit ACLs on the Tier 2 clone
 # (For v1, we rely on the existing user ACLs. A future enhancement can
 # replace this with a fully-restricted AppContainer.)
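Review bot: The new .DESCRIPTION text in the first hunk states a confinement guarantee ("the only directory the OpenCode session can read/write") that nothing visible in this diff enforces at the OS level. The step-2 comment in the third hunk still says v1 relies on the existing user ACLs, and the AppData exclusion is attributed to an agent-side bash deny rule, which is a command-pattern policy rather than an access-control boundary and presumably does not cover non-shell file tools or the MCP server. I would state it as intent and name the gap, e.g. `The Tier 2 clone ($Tier2ClonePath) is the only directory the session is intended to use; AppData is excluded by the agent's bash deny rule only, and this script sets no ACLs (v1).` Referring to `$Tier2ClonePath` instead of the hard-coded `C:\projects\manual_slop_tier2\` also keeps the text from drifting away from the parameter. The step-2 heading in the third hunk has the same mismatch, since it reads "Set explicit ACLs" while the lines below it say none are set, and could become `# 2. ACLs on the Tier 2 clone (v1: existing user ACLs, nothing set here)`.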